Safeguard Enterprise Data Exchange

---

ssij wrote:

Michelle,

The Sophos guys can correct me if I am wrong, but I believe that by default, when the SGN client is installed on a machine it will install the Data Exchange feature (unless explicitly disabled during the install).  You can check individual machines in the management console to see if they have the Data Exchange feature installed, and if not, you could use the SGNClient.msi file to install those components.

As for enabling it, you would need to create a policy that sets file encryption for removable media to start using the Data Exchange.

---

Hi ssij,

Thank you for posting a response to help others in the community! This is exactly how the forum is to be used.

I would like to add a couple supporting comments to your posting. During a manual installation of the SGN Client, the Typical option in the wizard will only include Device Encryption -> Volume Based Encryption. The Customer option in the wizard will enable someone to select other components such as Data Exchange or Configuration Protection.

If installing from a script, the ADDLOCAL parameter can be used to include the components to be installed. I'm guessing that Michelle is using a script or a packaging tool. If so, to get the binaries on the client, all you need to do is include the SecureDataExchange feature in your script. Refer to Chapter 12 of the SGN_Installation Guide.

The second piece of the puzzle necessary to get SGN DX working, as ssij wrote, is a Device Protection policy which selects either Removable Media or Optical Media as the target. Configure the policy as desired and then apply to a location in Users & Computers which includes user objects and computer objects. The Device Protection policy needs a computer object to activate the policy, but there are some security policy settings that are user object based as well.

Please let us know if you have any questions.

---

ssij wrote:

Michelle,

The Sophos guys can correct me if I am wrong, but I believe that by default, when the SGN client is installed on a machine it will install the Data Exchange feature (unless explicitly disabled during the install).  You can check individual machines in the management console to see if they have the Data Exchange feature installed, and if not, you could use the SGNClient.msi file to install those components.

As for enabling it, you would need to create a policy that sets file encryption for removable media to start using the Data Exchange.

---

Hi ssij,

Thank you for posting a response to help others in the community! This is exactly how the forum is to be used.

I would like to add a couple supporting comments to your posting. During a manual installation of the SGN Client, the Typical option in the wizard will only include Device Encryption -> Volume Based Encryption. The Customer option in the wizard will enable someone to select other components such as Data Exchange or Configuration Protection.

If installing from a script, the ADDLOCAL parameter can be used to include the components to be installed. I'm guessing that Michelle is using a script or a packaging tool. If so, to get the binaries on the client, all you need to do is include the SecureDataExchange feature in your script. Refer to Chapter 12 of the SGN_Installation Guide.

The second piece of the puzzle necessary to get SGN DX working, as ssij wrote, is a Device Protection policy which selects either Removable Media or Optical Media as the target. Configure the policy as desired and then apply to a location in Users & Computers which includes user objects and computer objects. The Device Protection policy needs a computer object to activate the policy, but there are some security policy settings that are user object based as well.

Please let us know if you have any questions.